Mozilla released Firefox 40. The update includes four critical, seven high and two moderate security updates.
The new release now issues a warning if you visit a page known to contain deceptive software that can make undesirable changes to your computer.
Mozilla is taking steps to ensure that using add-ons is a safe and secure experience. In future releases of Firefox, any third-party add-on that has not been certified will be disabled by default. Today, you will start seeing warnings next to unsigned add-ons in Firefox, but no add-ons will be automatically disabled. These warnings will inform you about add-ons that have not been certified by Mozilla, and we’re working with add-on developers to help them meet our standards and make add-ons safer for you.
Fixed in Firefox 40:
- MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
- MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
- MFSA 2015-90 Vulnerabilities found through code inspection
- MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
- MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
- MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
- MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
- MFSA 2015-83 Overflow issues in libstagefright
- MFSA 2015-81 Use-after-free in MediaStream playback
- MFSA 2015-80 Out-of-bounds read with malformed MP3 file
- MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)